Posts Tagged ‘USB’

With all of the news about hackers, virus writers, etc., using USB drives, or thumb drives, to install malicious code on unsuspecting users' machines, I thought I would post a quick and easy way for anyone to disable the autorun, or autoplay, feature on computers that have USB ports. This is a good idea not only because it saves you from seeing the same old screens all the time, but also because it blocks programs, malware, etc., from being installed automatically on your computer. IntelliAdmin has a great little program that you can run to turn it off or back on if needed, USB Drive Disabler (enable or disable USB drives on your Windows 2000, 2003, or XP systems), or you can use USB Remote Drive Disabler, which has the same capabilities as USB Drive Disabler, only you can do it across your LAN.

If you don’t want to download and run a free utility, here is a page that tells you step by step how to do it on your machine, How to disable Autoplay. Note that this method disables autoplay on both your CD-ROM drives and USB drives. It would have the benefit of blocking some CDs from installing DRM, as in the Sony fiasco, but it would not automatically play music CDs or installation programs.
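As an added example (not part of the original post or the linked how-to page), the PowerShell below audits and sets the Windows AutoRun policy directly. It assumes the standard NoDriveTypeAutoRun policy value, which the post itself does not name; the function names are illustrative.

```powershell
# Added example, not from the original post. Function names are hypothetical.
# NoDriveTypeAutoRun is the Windows policy value that controls AutoRun per drive type.
$PolicyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$ValueName = 'NoDriveTypeAutoRun'

# One bit per drive type; a set bit means AutoRun is DISABLED for that type.
$DriveTypeFlags = [ordered]@{
    'Unknown drive type (0x01)' = 0x01
    'Removable (USB, floppy)'   = 0x04
    'Fixed disk'                = 0x08
    'Network drive'             = 0x10
    'CD-ROM'                    = 0x20
    'RAM disk'                  = 0x40
    'Unknown drive type (0x80)' = 0x80
}

function Get-AutoRunMask {
    # Returns the configured mask, or $null when no machine-wide policy is set.
    $item = Get-ItemProperty -Path $PolicyKey -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.$ValueName
}

function ConvertFrom-AutoRunMask {
    # Expands a mask into one row per drive type so the policy is readable.
    param([Parameter(Mandatory = $true)][int]$Mask)
    foreach ($name in $DriveTypeFlags.Keys) {
        [pscustomobject]@{
            DriveType       = $name
            AutoRunDisabled = [bool]($Mask -band $DriveTypeFlags[$name])
        }
    }
}

function Set-AutoRunMask {
    # 0xFF disables AutoRun for every drive type, which matches the behaviour
    # described above: CD-ROM and USB drives are both affected.
    param([int]$Mask = 0xFF)
    if (-not (Test-Path $PolicyKey)) {
        New-Item -Path $PolicyKey -Force | Out-Null
    }
    New-ItemProperty -Path $PolicyKey -Name $ValueName -PropertyType DWord `
        -Value $Mask -Force | Out-Null
}

# Audit: report the current state before changing anything.
$current = Get-AutoRunMask
if ($null -eq $current) {
    Write-Output "$ValueName is not set under HKLM; the operating system default applies."
} else {
    Write-Output ("{0} = 0x{1:X2}" -f $ValueName, $current)
    ConvertFrom-AutoRunMask -Mask $current | Format-Table -AutoSize
    if (-not ($current -band 0x04)) {
        Write-Warning 'AutoRun is still enabled for removable drives.'
    }
}

# Harden: uncomment to apply (run from an elevated prompt).
# Set-AutoRunMask -Mask 0xFF
```

Running the audit again after the change should show every drive type with AutoRunDisabled set to True; a logoff or restart may be needed before Explorer picks up the new value.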

As an example of what can happen when you allow autoplay to run on USB drives, there is a new worm making the rounds that uses a method of infection last seen in the early 1990s, ah, the good old days. The only difference is that this worm uses the USB drive and not a floppy drive. Sophos has decided to call it the SillyFD-AA worm, and once it is on a USB drive it bypasses network security and runs when the drive is plugged in.

“With USB keys becoming so cheap, they are increasingly being given away at tradeshows and in direct mailshots,” said Sophos’s security guru, Graham Cluley. “With a significant rise in financially motivated malware it could be an obvious backdoor into a company for criminals bent on targeting a specific business with their malicious code.”

“In this example, changing the title of the Internet Explorer browser indicates that this particular variant of the worm has not been written with completely clandestine intentions. A savvier internet criminal would have not made it so obvious that the PC has been broken into, but silently steal from the PC without leaving such an obvious clue,” he said.

In recent times, USB drives have become corporate enemy number one. They can be used to steal data without attracting attention, to host malware of various sorts, and ruin the best-laid but unsuspecting compliance regimes. Source: Retro worm sniffs out USB drives

So if the title in your copy of Internet Explorer says Hacked by 1BYTE, you have been infected. At least they are nice enough to tell us they have done it; the next guys will not be so accommodating.

There have been many other stories involving thumb drives lately. In Hackers Using USB Drives to Spread Banking Malware, attackers left USB drives in a London car park in hopes that users would carry them home and insert them into a USB port, infecting their computers with malware created to steal login IDs and passwords for the users' online banks. In Social Engineering, the USB Way, a security company testing bank employees left thumb drives in the smoking areas, outside the bank, etc. 75% of them got inserted into a machine and sent back info to the security team, which they could use to compromise additional systems.

This is one cool little USB drive, and I am currently looking for a Windows version; drop a comment if you know of one. The MacLockPick is a USB device that allows you to perform live computer forensics on a suspect's Mac OS X system. Once the software is run, the drive extracts data from the Apple Keychain and system settings to give the examiner fast access to the suspect’s critical information with as little interaction or trace as possible.

MacLockPick takes advantage of the fact that the default state of the Apple Keychain is open, even if the system has been put to sleep. It also makes use of the openly readable settings files used to keep track of your suspect’s contacts, activities and history. These data sources even include items that your suspect may have previously deleted or has migrated from previous Mac OS X computers. Source: MacLockPick, live forensics for OS X via MacUser

Here is some of the data you will have after the software runs:
System passwords.
General passwords.
Internet passwords.
Appleshare passwords.
Folder dates.
Disk images.
Files that have been viewed in the preview program.
Recent QuickTime file names.
Recent Applications, Documents, and Servers.
IM default login and buddy list.
Email account details, address book and opened attachments.
Complete web history, including search strings in the Google toolbar, cached bookmarks, current bookmarks, cookies, and browsing history, including the number of times visited and the date and time of the most recent visit!
Serial numbers of attached iPods.
Bluetooth devices.
Wifi connections.
Network interfaces.

Unfortunately, this device is for law enforcement only: you must provide proof that you are a licensed law enforcement professional and that the use of this technology is legal on federal, state and local levels.

Posted by Jimmy Daniels - April 27, 2007 at 2:43 pm

Boy, if this isn’t a good idea for some hackers to implement, then I don’t know what is. They have left USB drives in a London car park in hopes that users will carry them home and insert them into a USB port, infecting their computers with the malware they have created to steal login IDs and passwords for the users' online banks.

Banking Trojans are written for profit and sold through Russian language websites and elsewhere for between $2,000 and $5,000. Two of the main groups of Trojan malware authors – Corpse and SE-Code – are based in Russia and “market” the Haxdoor and Apophis strains of banking Trojans. An unknown Russian speaking virus writer group is behind Torpig, another banking Trojan family. Malicious code variants of the Bancos Trojan are sold by an unnamed group in Brazil. Source: Hackers debut malware loaded USB ruse

A commenter suggested checking out this webpage from Dark Reading, Social Engineering, the USB Way, in which a bank asked a security firm to try to social engineer their way onto the bank's network to test its employees. The employees even knew they were going to be tested. The gentleman from Secure Network Technologies Inc created a program that collected user IDs and passwords, loaded it onto USB drives, left them in the parking lot, smoking areas and other places that employees went, and waited to see what happened. They almost immediately started receiving data, as 15 of the 20 USB drives were found and inserted into users' computers.

This may prove hard to beat, as people finding a USB drive will want to plug it into their computers to see what is on it. Very interesting.

Posted by Jimmy Daniels - April 25, 2007 at 7:19 pm

I’ve posted about Windows ReadyBoost before, the new feature in Windows Vista that allows you to use USB flash memory to speed up disk reads and writes. While there are motherboards already coming out with this flash memory built in, I bet lots of people are tired of a USB drive hanging off of their PC. Here are a couple of devices that you can add to your desktop computer that will allow you to add the flash memory without having a USB drive hanging out of the front of your computer. From Channel 10:

You’ve probably seen by now that Windows Vista can be kicked up a notch by using a USB drive to help extend memory and cut the amount of time it takes for your computer to come back from sleep mode. But who wants a USB drive hanging off of their computer and taking up a precious external USB slot? New options are starting to show up to solve this. You may recall the ASUS motherboard that I mentioned in February that comes with Readyboost memory already on the board. Source: ReadyBoost Inside

The devices they are talking about are pretty cool. InnoDisk’s ReadyBoost memory plugs into the USB pin connectors on your motherboard, and saves that precious USB port for something else.

Currently there is a large offer of Ready Boost drives but one that will surely get anyone’s attention are InnoDisk’s new internal drives. Instead of taking up one precious USB port, the drives in question will simply connect to the motherboard’s USB pin connectors.

InnoDisk’s Ready Boost Memory comes in 2GB and 4GB flavors and although they are not the fastest drives out there with their 3MB/s for 512KB random read/write and 5MB/s for 4KB, price tags are set to be very attractive – $15 for the 2GB drive. Source: InnoDisk releases internal Ready Boost flash drives

The USB Header Adapter also plugs into one of the USB headers on the motherboard, and you can just plug your thumb drive into it. So if you already have a drive you can use, you can simply buy this header adapter for only $9 and be ready to go.

Save with sweet new rebates at Crucial! Only $11.99 for a 1GB Gizmo! Overdrive
Buy a 1GB Gizmo! Overdrive (part# CT1GBUFDWHTH00) at Crucial.com for $24.99 or less, currently showing $21.99, between 2/22/07 and 3/8/07, and we’ll send you 10 bucks back by mail. Spend over $40 and you’ll get Free Shipping as well!

The Crucial Gizmo! USB thumb drive is a miniature, portable flash storage device that plugs into your computer’s USB port. This thumb drive can store any kind of file on them, digital documents, music, movies, and photographs and more. About the size and weight of a pack of gum, the Gizmo! drive slips easily into your pocket, purse, or briefcase. The Gizmo! drive is a full-speed device, compatible with USB 2.0 and 1.1 ports. A true Plug and Play solution, the Gizmo! drive automatically appears as a removable drive when plugged in to the USB port of your computer.

I read an interesting post from Ed Bott, who discovered a way to get the numbers when Windows Vista checks a USB drive to see if it is fast enough for ReadyBoost. You can get the numbers using Event Viewer. If a drive fails the test, click Test Again, then open Event Viewer, click the Applications and Services Logs category in the tree to the left, then click Microsoft, Windows and then ReadyBoost, and under the ReadyBoost heading select Operational. The center window will show you performance test results for successful and unsuccessful attempts. He has posted images of the process, follow along here.

To be used as a ReadyBoost device, your flash drive has to pass several tests, including available free space, write performance, and random read performance. When you connect a supported flash device to your system and choose the Speed Up My System option, Windows Vista runs a quick performance test to see if the device meets minimum standards required for ReadyBoost. Those standards are:

2.5 MB/sec throughput for 4 KB random reads
1.75 MB/sec throughput for 512 KB random writes
These results must be consistent across the entire device. In addition, the device must be at least 235 MB in size (although you can designate less than the full space on the drive for the ReadyBoost cache).

The USB drive out of the 20 or so that he tried was the Apacer Handy Steno 2.0 USB flash drive. He purchased two of those 1GB drives (these are model HT203) for the low price of $24 each a few months ago. Grant Gibson has started lists of the USB drives that pass and the ones that fail.

I was reading some articles this morning and I saw one referenced on Techmeme by John Dvorak called Will Vista make an impact? Commentary: It’s just not the same as earlier Windows releases. In it he describes how Microsoft is slipping on promoting its own products and technology, specifically hybrid hard drives, a device that is needed to see benefits from Windows ReadyBoost, Windows ReadyDrive and some other technologies. So, I thought I would post an article about hybrid hard drives that combined what little I already knew with what I could find online.

It’s possible that some buzz will evolve, but it’s beginning to look like a pretty standard news story rather than anything like the marketing events we’ve seen in the past. I have to assume that the promoters who put on a worldwide show for Windows 95, for example, have long since left the company.

One of the interesting things I’m seeing is the relative ignorance of the computer-using public in general about the system requirements for Vista. Most obvious is the complete lack of knowledge regarding the next generation hard disk that is required to make Vista perform well.

Knowledgeable folks who should know about these drives never heard of them except in some relation to laptop battery life which seems to be the only promotion done so far. The only reason I know so much about them was by an odd coincidence of moderating a panel that discussed the drives in great detail. Source: MarketWatch

A hybrid drive is a new type of large-buffer computer hard drive. It’s different from standard hard drives because it uses a large non-volatile flash memory to cache data during normal use; one such drive developed by Samsung has a 2 gig cache. Windows Vista can use this cache for non-volatile data storage, so the platters of the hard drive are not spinning all of the time, as they do in current hard drives. There are three main reasons this will help Windows Vista run faster: decreased power consumption, improved reliability, and a faster boot process. This will help most users, as the drives are only used between 2 and 10%, in some studies, of normal usage. There will be situations where more drive access is needed, because of opening and closing of files, etc., and the benefit will not be as great.

So, the drive's platters will be docked most of the time. That means less power consumption and less heat from the hard drives, both mainly beneficial to notebook users; less wear and tear on the drives, so they should last much longer; less noise; faster performance, since most accesses will be to the flash and not the hard drive; and an almost instant boot up process. As is the case with the Samsung drive, boot up data for the operating system can be contained completely on the flash portion of the drive, allowing for boot up times of less than ten seconds. It has even been said that since the drives will not be running as hot, they should be able to increase the maximum rotation of the platters to allow for faster burst speeds than the 15,000 rpm limit on SCSI drives or the 10,000 rpm limit on some IDE drives.

Some drawbacks I have seen include increased pricing, and the seek time of some file accesses will be increased because the platters will be at rest when a file from the hard drive is requested. If you have been in computers very long, you will remember the sound of some of the first SCSI drives spinning up when they were accessed and the extra delay you had in bringing your system back up after it went to sleep. It has also been mentioned that there will be possible security problems: since the flash is separate, it will not be automatically cleaned by some of the data cleaners businesses use to wipe data from their old systems, and it could possibly be used by malware to hide from anti-spyware and anti-virus programs.

Security conscious organizations are taught to be very aware of data left on hard drives when PCs are disposed of. However, [Flash] memory is nonvolatile, so a company could end up with up to 512Mbytes of data lying around in memory on the motherboard or on the side of the drive.

Few companies own the industrial-scale degaussing equipment that can instantly be used to fry the data on a drive, and instead rely on software that laboriously overwrites the magnetic surface.

Another security implication of hybrid drives is that, depending on the interface between the operating system and the drive, it may also be possible to hide malicious code in the Flash memory that is not detected by virus scanners. Source: Applied Miscellany

An article from Cnet in 2005 discusses some of the benefits as the drives were first being developed.

Typically, hard drives rotate. Hard drive motors, along with LCD screens, are two of the largest consumers of power inside a laptop.

In the hybrid, the drive rarely spins. In the prototype hybrid being shown off Monday at the Windows Hardware Engineering Conference, the drive spins only about 30 to 45 seconds every half hour, said Ivan Greenberg, director of strategic marketing for Samsung Semiconductor. The goal is to get it to 30 to 45 seconds for an hour.

“The traditional hard drive takes up about 10 to 15 percent of the battery power of your notebook,” Greenberg said. Thus, in a notebook with a four hour battery, the hybrid drive could extend battery life by about 36 minutes. Source: Cnet

This post from PCWorld references SuperFetch, a term I don’t think I had seen before, but apparently it is the portion that manages the memory and will eventually learn which data you will need loaded and will copy that data to the flash drive.

Three HHD-related Windows features you need to know: Superfetch, ReadyBoost, and ReadyDrive.

SuperFetch, a new memory manager for Windows, uses available memory to proactively cache data that you’re likely to need. Eventually, it learns which applications and data you habitually use and when you use them, and it does this on a per-user basis. I’ll be interested to see if SuperFetch works well enough to justify adding lots of memory to desktop machines.

As Denny Arar explains, ReadyBoost makes more memory available to SuperFetch by creating new memory pages on USB flash drives and the flash memory in hybrid hard disks. Source: Today @ PCWorld

The benefits I see are great and I can’t wait to get a Windows Vista system with one of these drives to try out. If my older, still fast but extremely hot laptop had some of these drives, I would probably still be using it every day. If anyone wants to send me one, I’d surely give it a good once or twice over. Oh, I almost forgot to mention, Windows Vista will be able to use USB drives for cache memory using Windows ReadyBoost. You will actually be able to leave it plugged in and boot from it, and, if you need to remove it, nothing will be lost, as it will just be caching files that are already on the drive.

One of the new features in Windows Vista that I really want to take a look at is Windows ReadyBoost, which allows you to use thumb drives, or jump drives, enter your favorite USB drive term here, to speed up Windows Vista. So, if you have a system that doesn’t have as much memory as you like, or as much as Vista wants, you can plug in your USB drive and Vista will use it as virtual memory that is not quite as fast as system memory, but quite a bit faster than accessing the swap file on the hard drive. This one commenter said he has a 4 gig USB drive and is thinking about just leaving it plugged in his computer, since it speeds it up so much.

If there is one thing that can really help applications on Windows Vista run better, it’s memory. When comparing the performance of Windows XP and Windows Vista on a PC with 1 GB of main memory, Windows Vista is generally comparable to Windows XP or faster. However, we also know that in some cases, on PCs with 512 MB of main memory, applications on Windows XP may seem more responsive. Why? Mostly because the features in Windows Vista use a bit more memory to do the things that make it so cool, like indexing your data, keeping the fancier AERO UI running using the desktop window manager (DWM), etc. The less memory in your machine, the more often the OS must randomly access the disk. This slows system performance in cases where your applications just barely fit in memory on Windows XP but not quite in Windows Vista.

While I fully expect the generation of PCs that ship with Windows Vista to include more memory, we also know that many existing PCs have 512 MB. While memory has gotten much less expensive, many (non-geek) people I know are just not comfortable opening up their PC and installing more memory. While there are some great PC shops that will do this for you, a lot of people may not want to bother. Well with Windows ReadyBoost, if you have a flash drive (like a USB thumb drive or an SD card) you can just use this to make your computer run better with Windows Vista. You simply plug in a flash drive and Windows Vista will use Windows ReadyBoost to utilize the flash memory to improve performance.

So, if you just want your PC to run faster with Windows Vista — it’s pretty simple — connect your flash drive through any USB 2.0 socket or PCI interface and when the auto play interface comes up, choose “Speed up my system using ReadyBoost.” You need to have at least 230 MB free on the flash drive and some flash disks are not fast enough to support Windows ReadyBoost, although you’ll be told if that’s the case. Source: Windows Vista Team Blog

What would be cool is if system manufacturers actually included some USB drives with their systems; you can get a 1 gig drive for less than $50 nowadays. They noted that if you remove the USB drive, it won’t affect your system, because it is using files on the USB drive that are also on the hard drive; you will just lose the performance gains. The data on the drive is also encrypted, so you don’t have to worry too much about losing the drive. He also noted that Windows Vista will learn what you do most often and will try to optimize your system for that as well.

Windows Readyboost FAQ is here and some good shots of the install screens are here.

If you have used your computer for any length of time, then you’ve probably already guessed that the hard drive is the slowest component in your system. I’ve been waiting for the day when we have hard drives that are faster, lots faster. Has that day arrived? Well, yes and no. Tom’s Hardware has reviewed Samsung’s 32 GB Flash Drive and it looks like it could be very useful, even if it’s not ready for prime time. You can add this flash drive to your system and create hybrid hard drives, which allows Windows Vista to prioritize data across the hard drive and flash drive to help cut down waiting times on data access.

Windows Vista has two new, related features. One is called Windows ReadyBoost, and it allows you to add flash storage, such as this flash drive or a USB thumb drive. Because Windows can retrieve data more quickly, it can really improve system performance, and the data is encrypted when the device is removed to prevent access by others.

The second feature is called Windows ReadyDrive and combined with the flash drive will allow your computer to boot up faster, resume from hibernate in less time, preserve battery power, and improve hard disk reliability. You can store your operating system files and swap file on the flash drive and cut your boot time in half, if their review is any indication.

Samsung has released mobile computers based upon its Solid State Flash hard drives into the Korean market as of early June. The Q30 laptop generates as little as ~30 db(A) of noise, while the Q1 portable runs totally silent and according to Samsung both boot Windows XP 25-50% faster than systems featuring traditional hard drives. Considering that both systems run on conventional Pentium M / Centrino hardware, their respective MSRPs of $3,700 and $2,430 seem a little pricey.

As a stand-alone purchase it would be wise to utilize the fast file access as a location for your operating system and swap files, and distribute file/system access between existing drives. Integrated features of the drive also let users easily take advantage of Vista’s new ReadyBoost/Superfetch features. The power consumption and physical sturdiness of the unit indicate strong inclinations toward mobile use and should allow for the manufacture of products with longer battery life, increased durability and reduced weight as well as decreasing boot times. Non-volatile, large capacity Flash based SSD is a fantastic idea whose time has almost come.

It’s a great review; click here and check out all of the comparisons with regular hard drives. Suffering mainly from bandwidth limitations due to the interface, one of these drives could still boost your system performance greatly.